A replay attack is a kind of man-in-the-middle attack in which an attacker sniffs messages sent on a channel, captures them, and later resends them so that they pass as authentic. What makes the replay attack particularly harmful is that the attacker does not even need to decrypt the message they resend, yet can still fool the receiver into thinking that the received message is legitimate.
The figure above gives an overview of a replay attack. Let's look at an example to understand the attack better.
Suppose Alice wants Bob to transfer $100 from his account to hers. Alice sends Bob an authentic message making this request. Since Bob trusts Alice, he transfers her the amount. Unfortunately, Alice's initial transfer request was intercepted by an attacker, who resends the message to Bob. Bob sees a message he believes is from Alice, so he transfers the amount again. However, this time the money is transferred to the attacker instead of Alice. This is one example of how a replay attack can serve an attacker's malicious intent.
We know that replay attacks can have dire consequences. So the real question is: how can we protect ourselves against them?
The first way to prevent replay attacks is to attach a timestamp or sequence number to each message sent. This allows the receiver to discard any message whose timestamp or sequence number it has already seen.
Another prevention technique is the use of digital signatures, which make it easier for the receiver to verify that the sender really is who they claim to be.
Replay attacks can also be mitigated with random session keys, which are time-specific and change over time, making it difficult for an attacker to fool the receiver with an old message.
Finally, one-time passwords can also counter replay attacks. This method is already used by many banking services today.
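The following is an added example, not code from the original article, showing how the sequence-number and timestamp checks combine with message authentication on the receiver's side. It assumes a shared HMAC key between Alice and Bob (a symmetric MAC standing in for the digital signature mentioned above), a constructed secret, and a 30-second freshness window; all names and values are illustrative.

```python
import hashlib
import hmac
import json
import time

# Constructed shared secret for this example only; real systems derive a fresh key per session.
SHARED_KEY = b"example-shared-secret-do-not-reuse"
MAX_AGE_SECONDS = 30  # freshness window for the timestamp check (an assumed value)

def sign_message(key, seq, timestamp, body):
    """Sender: bind a sequence number and a timestamp to the body under an HMAC tag."""
    payload = json.dumps({"seq": seq, "ts": timestamp, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

class Receiver:
    """Receiver: accept each message at most once and only while it is fresh."""

    def __init__(self, key, now=time.time):
        self.key = key
        self.now = now            # injectable clock so the demo can simulate elapsed time
        self.last_seq = -1        # highest sequence number accepted so far

    def accept(self, msg):
        """Return (accepted, reason). The tag is checked first so nothing unauthenticated is trusted."""
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad signature"
        fields = json.loads(msg["payload"])
        if abs(self.now() - fields["ts"]) > MAX_AGE_SECONDS:
            return False, "stale timestamp"
        if fields["seq"] <= self.last_seq:
            return False, "replayed sequence number"
        self.last_seq = fields["seq"]
        return True, "ok"

def demo():
    """Walk through the Alice/Bob scenario with a fake clock; returns the outcome of each attempt."""
    clock = [1_000_000.0]
    bob = Receiver(SHARED_KEY, now=lambda: clock[0])
    request = sign_message(SHARED_KEY, 1, clock[0], "transfer $100 to Alice")
    first = bob.accept(request)       # genuine request from Alice
    replay = bob.accept(request)      # the captured message resent unchanged
    forged = dict(request)            # sequence number edited, but the tag no longer matches
    forged["payload"] = request["payload"].replace(b'"seq": 1', b'"seq": 2')
    tampered = bob.accept(forged)
    clock[0] += 3600                  # an hour later, a message stamped with the old time arrives
    stale = bob.accept(sign_message(SHARED_KEY, 2, 1_000_000.0, "transfer $100 to Alice"))
    return {"first": first, "replay": replay, "tampered": tampered, "stale": stale}
```

Because the tag covers the sequence number and timestamp, a replayed message can neither be accepted twice nor be renumbered to look new; the freshness window also bounds how long the receiver must remember old sequence numbers.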